rules help

Julian Field MailScanner at ecs.soton.ac.uk
Tue May 31 16:37:37 IST 2005 

    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

On 31 May 2005, at 15:15, Matt Kehler wrote:

       
Another question on the rules...  I have MailScanner.conf pointing
to filename.conf.rules ...as per below
 
#filename.conf.rules
FromOrTo:       bob at domain.com        
/etc/MailScanner/rules/filename.bob.rules
FromOrTo:       default                
/etc/MailScanner/rules/filename.default.rules
 
#filename.bob.rules
allow   bob.exe    -       -
#filename.default.rules
 ~ this has a boatload of denys in in...100 or so filenames..
 
Anyways...with the above config, *ANY FILE* sent
from bob at domain.com is allowed through.


Correct. The "default" ruleset is only used when no other rules match at
all. So this will be used in all cases except where the message is to or
from bob at domain.com.

The filename.rules.conf and filetype.rules.conf are "default allow". If
you want "default deny" then you need to add a rule to the end of
filename.bob.rules that denies everything.

        Everything else works as it should (ie, no other users can
      send exe's or any other file listed as deny in
      filename.default.rules).  I am assuming because the rules
      allow bob.exe to get through..but filename.default.rules does
      NOT get processed after that.


Correct.

        Looking through the emails on the list regarding rules from
      last week, it would seem I need to change the
      filename.conf.rules so that it adds in the 2nd line as per
      below
 
#filename.conf.rules
FromOrTo:       bob at domain.com        
/etc/MailScanner/rules/filename.bob.rules
FromOrTo:       *@domain.com             /etc/MailScanner/rules/filename.defaul
.rules
FromOrTo:       default                
/etc/MailScanner/rules/filename.default.rules
 
Is this correct?


Yes.

        Does 'default' not really mean 'everything'?


If I meant "everything" that is what it would have said :-)
The "default" rule in a ruleset is *ONLY* used when no other rule
matches. It specified the default action to be taken in the event that
nothing else defines an action.

        I take it 'default' is only triggered if NO other rules
      have been processed...as opposed to meaning 'default' will
      ALWAYS get processed?


Correct.

-- 
Julian Field
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the Wiki (http://wiki.mailscanner.info/)
and the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!

More information about the MailScanner mailing list